<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, May 18, 2024 at 9:56 AM Orie Steele <orie@transmute.industries> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><snip></div></div></blockquote><div><br></div><div><snip> <br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"></div>If the VCWG sees value in securing holder supplied claims with JWT, I don't see why it would not make sense to secure them with SD-JWT,</div></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div><br></div><div>Mostly because it doesn't make sense and there's a real cost to having yet another option in an arena where there are arguably way too many options already.</div></div></div></blockquote><div><br>If you are processing an application/vp+ld+json+jwt (sigh)... of an application/vc+ld+json (data integrity) and an application/vc+ld+json+sd-jwt (sd-jwt+kb) and an application/vc+ld+json+cose....<br>Yes, you're paying (in CPU cycles and CVE attack surface) for the indecision of the W3C VCWG... but I don't think limiting the securing formats of a VP saves you much... That's like $5 off a $10k purchase.</div></div></div></blockquote><div><br></div><div>Just to be clear, the cost I was referring to was about the costs incurred by the larger community of people trying to work in and understand this space - developers, deployers, etc.,
and even folks involved in the standards development. <br></div><div><br></div><div><snip> <br></div></div></div>
<br>
<i style="margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;background:rgb(255,255,255);font-family:proxima-nova-zendesk,system-ui,-apple-system,system-ui,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",Arial,sans-serif;color:rgb(85,85,85)"><span style="margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;background:transparent;font-family:proxima-nova-zendesk,system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",Arial,sans-serif;font-weight:600"><font size="2">CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.</font></span></i>